Enterprise Risk Management (ERM) is responsible for independent oversight and assessment of the company’s financial and non-financial risks. Within ERM, the Business Resiliency Risk Team is responsible for providing 2nd line of defense (2LOD) oversight of the enterprise’s business resiliency associated with all the operating activities of Freddie Mac. The primary responsibilities of the Business Resiliency Risk Director include setting the enterprise BR policy and standards, aligning and maintaining to the enterprise risk framework, monitoring and reporting aggregated risk and risk treatments, performing risk review and evaluation to identify & treat risks and enable business objectives & decision making, and driving continuous improvement of business resiliency risk management capabilities across businesses and divisions.
Your work will fall into four primary categories:
Strategy, Framework, and Policy Development
Driving the design and implementation of business continuity planning risk methodology and capabilities across Freddie Mac to manage risk efficiently and effectively in conjunction with corporate strategic objectives.
Drive and execute business resiliency risk oversight agenda as part of the risk transformation objectives, across governance, enterprise and divisional policy, standards, procedures, risk assessment and treatment, testing, and metrics & reporting.
Establish and rationalize business resiliency risk related policies, standards and procedures at enterprise level, and review divisional policy and procedures for alignment and adherence.
Understand industry trends and best practices: engage with the industry and broader ecosystem to understand industry trends, create business cases for best practices and implement changes.
Assess & Mitigate BR Risk
Work across the three-lines of defense to ensure business resiliency risk is properly mitigated and that business continuity is maintained 7 days a week, 24 hours a day, 365 days a year.
Develop and establish the profile and reporting requirements regarding business continuity planning
Conduct independent risk reviews of the technology function as it relates to business resiliency management and recommend corrective actions.
Provide leadership and direction across enterprise for proper planning, execution and escalation for business resiliency risk across all businesses and divisions.
Be key partner with the 1st-line business resiliency program team to mature risk management capabilities
Partner with operational risk leads to evaluate specific BR risks, controls, issues, and/or risk responses and support the divisions’ evaluation of BR risk
Mitigate technology risk as it relates to business continuity planning – sustainability, change management and disaster recovery.
Lead oversight of enterprise wide BR initiatives and programs
Stakeholder Engagement
Serves as a key member of the technology and risk leadership teams and related risk committees
Leads relevant BR interactions with regulatory bodies.
Provide regular updates to key stakeholders on the overall enterprise resiliency risk posture and recommendation for improvement. Prepare necessary information to facilitate management discussion and decision making. This may include Board presentation.
Communicate with stakeholders at all levels, across businesses and divisions, to achieve effective communication and sufficient stakeholder input and buy-in.
Team Management & Leadership
Evaluate the existing team, retain and motivate the group, attract outside talent and improve the overall quality of the team
Qualifications
12+ years of experience in risk, control and governance disciplines
7+ years of experience in business continuity planning and disaster recovery
Must have developed an enterprise-wide business resiliency framework that defines the metrics used for reporting and monitoring, sets the thresholds, and determines the escalation process in the event risk tolerances are breached.
Experience developing processes to identify and evaluate technology risks and control self-assessments.
Proven independent oversight of all technology risk management standards including any key risk indicators, risk limits and approval authorities
Ensure enterprise-wide technology risk is a fundamental element of the strategic planning process. Work closely with senior management and the board in defining and communicating strategies, exposures and risk across the company to ensure adequate business continuity and resiliency planning.
Experience operating within the three lines of defense model.
A self-starter with a ‘can-do‟ attitude; a driver and implementer who possesses the poise and ability to act calmly and competently in high-pressure, high-stress situations. High emotional intelligence as well strong abilities to influence those outside his/her organization.
Strong resilience, ability to lead through ambiguity, and persistence to move ahead regardless of barriers.
Proven ability to build positive, collaborative relationships at all levels of the enterprise and across a diverse set of functions. Able to develop strong relationships and influence multiple stakeholders to gain alignment and buy-in on key issues will be critical for success.
Skilled in project management as well as work plan development and implementation; astute in strategic planning, budgeting, and allocation.
A team builder with a track record of attracting, developing, and retaining high-performing talent
An undergraduate degree is required; a master’s degree is preferred. Professional certifications (CRISC, CIA, CISA, CISP, etc.) beneficial.
Key to success in this role
Ensure smooth transition of leadership to maximize continuity, stability and controls throughout the organization.
Quickly and genuinely establish trust and credibility with key stakeholders and business partners across the enterprise.
Assess, determine priorities and execute crisply on the necessary changes to mature the 2nd-line risk management function and reduce operational risk as it relates to business continuity planning and disaster recovery.
Further develop and enhance a high-performance culture with accountability throughout the organization; mentor, develop, coach, and improve team engagement.
Establish and facilitate a coordinated effort across the divisions’ risk organizations, including Information Technology division.
Be a key partner with businesses in mobilizing Business resiliency risk program and drive the 2nd-line oversight activities in this space.
Top 3 Personal Competencies to possess
Leadership – Set and execute upon a clear vision, strategy, and/or goals
Partnership – Build trust and strong partnerships through my own and my team’s actions
Seek and Embrace Change – Continuously improve work processes rather than accepting the status quo
Preferred Skills
Relevant professional certification (e.g. CISSP, CISA, CISM)
Knowledge of relevant industry standards (e.g. COBIT, NIST, ITIL, FFIEC, ISO)
Financial services industry experience
Understanding of regulatory requirements and expectations related to operational risk management
Interested in applying to this career opportunity?
Please email Taylor Frank, [email protected], and include Freddie Mac Director Business Resiliency in the subject line.
About the Freddie Mac
Today, Freddie Mac makes home possible for one in four home borrowers and is one of the largest sources of financing for multifamily housing. Join our smart, creative and dedicated team and you’ll do important work for the housing finance system and make a difference in the lives of others. Freddie Mac is an equal opportunity and top diversity employer.
